Entries by Darren Hale

OWASP Vulnerability #6 – Sensitive Data Exposure

Number 6 on the OWASP Top 10 List is Sensitive Data Exposure.  This vulnerability occurs when data that should not be seen, such as credit card numbers, tax ID numbers, passwords, and social security numbers, becomes exposed.  At Clearent, we pay close attention to this issue and work hard to ensure that our data is […]

OWASP Vulnerability #7 – Missing Function Level Access Control

The next vulnerability to look at from the OWASP Top 10 List of Web Vulnerabilities is #7, Missing Function Level Access Control.  This vulnerability is easy to understand, but is important to acknowledge because of its abundance in web applications.  At Clearent, we have always paid close attention to function level access control because it […]

OWASP Vulnerability #8 – Cross-Site Request Forgery (CSRF)

Continuing with the discussion of the OWASP Top 10 Web Vulnerabilities, this post will look at number 8: cross-site request forgery. This particular vulnerability is difficult for many people to understand, but can be quite common in web applications. Because of its prevalence, Clearent has had to digest and understand this vulnerability in order […]

Why We Use TDD

Ever since I started working as a developer for Clearent, I’ve been an adamant supporter of Test Driven Development (TDD).  I adopted this development practice a very long time ago and have seen its benefits over and over again. What is TDD? Test Driven Development is a coding practice where a developer writes a failing […]

PCI Check Up

At Clearent, we are starting preparations for our annual PCI audit.  One of the components of the PCI audit is ensuring that web applications guard against the OWASP Top 10 Web Application Vulnerabilities.  I thought this would be a good time to review that list. The OWASP.org PDF is the best source of information if you are creating […]

Working Toward Continuous Delivery

One of the biggest difficulties in software development is deployment.  Figuring out how to package an application, transfer it around, install it, etc. has been a challenge from the dawn of programming.  Continuous delivery is a term used to describe an environment where software flows from a developer into production, through all of the necessary […]

Understanding DNX

Getting a handle on the new .NET Execution Environment (DNX) is difficult. I’ve been following the project for a while, and still get twisted around trying to explain it to other developers. I believe the following analogy and diagram help to understand the environment. Keep in mind, this is a tenuous comparison meant to help […]